Portable Spam Prevention

Posted in: Development

A blacklist can be a handy tool for preventing a certain kind of spam; the kind that seeks to gain page rank by having lots of links back to a certain page. It works because the URL is something the spammer must include if they want their spam to have any effect. If you build a blacklist in a plain text file, with one keyword (could be a domain, a word, whatever) for each line then it is really easy to plug into that list from a variety of applications.

I was getting some post spam in my PunBB forums, so I hooked up the forum posting to the same blacklist I use to prevent comment spam here in my blog. Here is the PHP code if you’d like to try it yourself:

$spam_urls = file("spam_urls.txt");
foreach ($spam_urls as $spam_url) {
$spam_url = str_replace(”\n”, “”, strtolower($spam_url));
if (strstr(strtolower(stripslashes($_REQUEST[”field_name”])), $spam_url)) {
die(’Oops, blocked.’);
}
}

To use:

  1. build your spam_urls.txt file
  2. change the variable (field_name) to the name of the field that can contain spam URLs (you can add additional fields as needed, the easiest way is to copy the “if” block)
  3. add this check that into the code just before something gets posted

If you use WordPress and like managing your blacklist in WordPress, you can set up a CRON job to create the text file from the blacklist in the database once an hour or so. If you only have the list in the database, it’s harder to leverage the list from other applications.

Popularity: 2% [?]

Posted October 20th, 2004 @ 9:02 AM

2 Replies

  1. Mike Hostetler adds this Comment:

    Great idea. One other thing you could snag from the cron job would be a published black list to augment your own. That would be nice because then you wouldn’t be starting from scratch.

    October 20th, 2004 at 10:29 am

  2. Keith adds this Comment:

    Two quick tips: use chop or rtrim instead of that str_replace, and in general, instead of using strstr, it’s better to do a comparison by using strpos and checking it (with the !== comparison) against false. strstr is wasteful when you’re just doing a comparison because it returns the rest of the string after the match.

    October 21st, 2004 at 3:24 am

Add a Comment

Please note: Use of a non-personal web site or blog in the field below and/or comments that are off-topic, personal attacks, or support requests will likely be removed at my discretion.

By commenting here you grant me a perpetual license to reproduce your words and submitted name/web site in attribution.

Note: This post is over 4 years old. You may want to check later in this blog to see if there is new information relevant to your comment.

Congratulations Red Sox! » « Changing BBEdit Color “Themes”

About This Site

This is the personal web site of Alex King, a web developer in Denver, Colorado USA. More...

Crowd Favorite

Crowd Favorite is my software and web development business.

We build web applications, design and develop custom WordPress themes and plugins, and build custom sites using WordPress as a CMS.

I also have a tumblog that aggregates my online content from other services (Twitter, Flickr, del.icio.us. etc.).

America

Ads

Free Tech Magazines